You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by kw...@apache.org on 2020/10/22 07:38:27 UTC
[jackrabbit-filevault] branch master updated: JCRVLT-433 warn on
ineffective achandling (#102)
This is an automated email from the ASF dual-hosted git repository.
kwin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jackrabbit-filevault.git
The following commit(s) were added to refs/heads/master by this push:
new 27459d3 JCRVLT-433 warn on ineffective achandling (#102)
27459d3 is described below
commit 27459d3ffc7896c1be2abcfd62c2fa13a5970021
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Thu Oct 22 09:36:34 2020 +0200
JCRVLT-433 warn on ineffective achandling (#102)
---
.../spi/impl/AccessControlValidator.java | 19 +++++++++----
.../spi/impl/AccessControlValidatorTest.java | 33 ++++++++++++++++++++--
2 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/vault-validation/src/main/java/org/apache/jackrabbit/vault/validation/spi/impl/AccessControlValidator.java b/vault-validation/src/main/java/org/apache/jackrabbit/vault/validation/spi/impl/AccessControlValidator.java
index 3f400d6..ae32b81 100644
--- a/vault-validation/src/main/java/org/apache/jackrabbit/vault/validation/spi/impl/AccessControlValidator.java
+++ b/vault-validation/src/main/java/org/apache/jackrabbit/vault/validation/spi/impl/AccessControlValidator.java
@@ -35,27 +35,36 @@ import org.jetbrains.annotations.Nullable;
public class AccessControlValidator implements DocumentViewXmlValidator {
protected static final JcrACLManagement ACL_MANAGEMENT = new JcrACLManagement();
- protected static final String MESSAGE_IGNORED_ACCESS_CONTROL_LIST = "Found an access control list, but it is never considered during installation as the property 'acHandling' is set to 'ignore' or 'clear'!";
+ protected static final String MESSAGE_IGNORED_ACCESS_CONTROL_LIST = "Found an access control list, but it is never considered during installation as the property 'acHandling' is set to '%s'!";
+ protected static final String MESSAGE_INEFFECTIVE_ACCESS_CONTROL_LIST = "Found no access control list, but there is supposed to be one contained as the property 'acHandling' is set to '%s'!";
private final ValidationMessageSeverity severity;
private final AccessControlHandling accessControlHandling;
-
+ private boolean hasFoundACLNode;
+
public AccessControlValidator(ValidationMessageSeverity severity, AccessControlHandling accessControlHandling) {
super();
this.severity = severity;
this.accessControlHandling = accessControlHandling;
+ this.hasFoundACLNode = false;
}
@Override
public Collection<ValidationMessage> done() {
+ // make sure that at least one rep:Policy node is contained
+ if (!hasFoundACLNode && accessControlHandling != AccessControlHandling.IGNORE && accessControlHandling != AccessControlHandling.CLEAR) {
+ return Collections.singleton(new ValidationMessage(severity, String.format(MESSAGE_INEFFECTIVE_ACCESS_CONTROL_LIST, accessControlHandling)));
+ }
return null;
}
@Override
public @Nullable Collection<ValidationMessage> validate(@NotNull DocViewNode node, @NotNull NodeContext nodeContext,
boolean isRoot) {
- // extract primary type
- if ((accessControlHandling == AccessControlHandling.IGNORE || accessControlHandling == AccessControlHandling.CLEAR) && node.primary != null && ACL_MANAGEMENT.isACLNodeType(node.primary)) {
- return Collections.singleton(new ValidationMessage(severity, MESSAGE_IGNORED_ACCESS_CONTROL_LIST));
+ if (node.primary != null && ACL_MANAGEMENT.isACLNodeType(node.primary)) {
+ hasFoundACLNode = true;
+ if (accessControlHandling == AccessControlHandling.IGNORE || accessControlHandling == AccessControlHandling.CLEAR) {
+ return Collections.singleton(new ValidationMessage(severity, String.format(MESSAGE_IGNORED_ACCESS_CONTROL_LIST, accessControlHandling)));
+ }
}
return null;
}
diff --git a/vault-validation/src/test/java/org/apache/jackrabbit/vault/validation/spi/impl/AccessControlValidatorTest.java b/vault-validation/src/test/java/org/apache/jackrabbit/vault/validation/spi/impl/AccessControlValidatorTest.java
index 96d7235..8c162f6 100644
--- a/vault-validation/src/test/java/org/apache/jackrabbit/vault/validation/spi/impl/AccessControlValidatorTest.java
+++ b/vault-validation/src/test/java/org/apache/jackrabbit/vault/validation/spi/impl/AccessControlValidatorTest.java
@@ -48,6 +48,33 @@ public class AccessControlValidatorTest {
DocViewNode node = new DocViewNode("somename", "somename", null, props, null, "rep:ACL");
Collection<ValidationMessage> messages = validator.validate(node, new NodeContextImpl("/apps/test/deep", Paths.get(".content.xml"), Paths.get("base")), false);
Assert.assertThat(messages, AnyValidationMessageMatcher.noValidationInCollection());
+ Assert.assertThat(validator.done(), AnyValidationMessageMatcher.noValidationInCollection());
+ }
+
+ @Test
+ public void testWithoutACLsAndClear() {
+ validator = new AccessControlValidator(ValidationMessageSeverity.ERROR, AccessControlHandling.CLEAR);
+
+ Map<String, DocViewProperty> props = new HashMap<>();
+ props.put("prop1", new DocViewProperty("prop1", new String[] { "value1" } , false, PropertyType.STRING));
+
+ DocViewNode node = new DocViewNode("somename", "somename", null, props, null, "unstructured");
+ Collection<ValidationMessage> messages = validator.validate(node, new NodeContextImpl("/apps/test/deep", Paths.get(".content.xml"), Paths.get("base")), false);
+ Assert.assertThat(messages, AnyValidationMessageMatcher.noValidationInCollection());
+ Assert.assertThat(validator.done(), AnyValidationMessageMatcher.noValidationInCollection());
+ }
+
+ @Test
+ public void testWithoutACLsAndMerge() {
+ validator = new AccessControlValidator(ValidationMessageSeverity.ERROR, AccessControlHandling.MERGE);
+
+ Map<String, DocViewProperty> props = new HashMap<>();
+ props.put("prop1", new DocViewProperty("prop1", new String[] { "value1" } , false, PropertyType.STRING));
+
+ DocViewNode node = new DocViewNode("somename", "somename", null, props, null, "nt:unstructured");
+ Collection<ValidationMessage> messages = validator.validate(node, new NodeContextImpl("/apps/test/deep", Paths.get(".content.xml"), Paths.get("base")), false);
+ Assert.assertThat(messages, AnyValidationMessageMatcher.noValidationInCollection());
+ ValidationExecutorTest.assertViolation(validator.done(), new ValidationMessage(ValidationMessageSeverity.ERROR, String.format(AccessControlValidator.MESSAGE_INEFFECTIVE_ACCESS_CONTROL_LIST, AccessControlHandling.MERGE)));
}
@Test
@@ -61,7 +88,8 @@ public class AccessControlValidatorTest {
Collection<ValidationMessage> messages = validator.validate(node, new NodeContextImpl("/apps/test/deep", Paths.get(".content.xml"), Paths.get("base")), false);
ValidationExecutorTest.assertViolation(messages,
- new ValidationMessage(ValidationMessageSeverity.ERROR, AccessControlValidator.MESSAGE_IGNORED_ACCESS_CONTROL_LIST));
+ new ValidationMessage(ValidationMessageSeverity.ERROR, String.format(AccessControlValidator.MESSAGE_IGNORED_ACCESS_CONTROL_LIST, AccessControlHandling.CLEAR)));
+ Assert.assertThat(validator.done(), AnyValidationMessageMatcher.noValidationInCollection());
}
@Test
@@ -75,6 +103,7 @@ public class AccessControlValidatorTest {
Collection<ValidationMessage> messages = validator.validate(node, new NodeContextImpl("/apps/test/deep", Paths.get(".content.xml"), Paths.get("base")), false);
ValidationExecutorTest.assertViolation(messages,
- new ValidationMessage(ValidationMessageSeverity.ERROR, AccessControlValidator.MESSAGE_IGNORED_ACCESS_CONTROL_LIST));
+ new ValidationMessage(ValidationMessageSeverity.ERROR, String.format(AccessControlValidator.MESSAGE_IGNORED_ACCESS_CONTROL_LIST, AccessControlHandling.IGNORE)));
+ Assert.assertThat(validator.done(), AnyValidationMessageMatcher.noValidationInCollection());
}
}